Data breach at SD plastic surgery business could affect patients

Columnist Kim Komando talks about how to protect yourself and your internet security.
Kim Komando Special for USA Today

Dr. Vaughn Meyer, a plastic surgeon with Plastic Surgery Associates of South Dakota, examines the scar of Lauryn Eggen who had a dog bite to the face as a two-year old.(Photo: Dave Eggen/inertia/for the SFBJ)

Plastic Surgery Associates of South Dakota has announced a data breach that may have left some patient records open to hackers.

The company, founded in 2011, has locations in Sioux Falls, Dakota Dunes, Yankton, Mitchell, Watertown and Spencer, Iowa.

A news release issued Thursday says the company learned of the ransomware attack on Feb. 12 and began to remove it immediately by hiring third-party experts to determine what data was potentially accessed.

Plastic Surgery Associates is providing notice to approximately 10,200 individuals regarding the recent ransomware attack on its practice.

Most patient records were not accessed, but investigators were unable to locate all the evidence needed in the clean-up efforts. By April 24, the company decided that it could not conclude that all patient information was protected.

No evidence of “actual or attempted misuse of patient information” has been found, the release says, but the company chose to issue a notice “out of an abundance of caution.”

The company is reporting the incident to the U.S. Department of Health and Human Services, “working to implement additional safeguards” and offering a year of credit monitoring through Equifax and Credit Watch to those who might be affected.